Commit 107f379 Paul M. Jones
committed
1 parent 4e68cc0 commit 107f379 Copy full SHA for 107f379
File tree 1 file changed +4
-3
lines changed
1 file changed +4
-3
lines changed Original file line number Diff line number Diff line change @@ -287,9 +287,10 @@ if ($unsafe && $user->auth->isValid()) {
287287
288288For a CSRF token to be useful, its random value must be cryptographically
289289secure. Using things like ` mt_rand() ` is insufficient. Aura.Session comes with
290- a ` Randval ` class that implements a ` RandvalInterface ` , and uses either the
291- ` openssl ` or the ` mcrypt ` extension to generate a random value. If you do not
292- have one of these extensions installed, you will need your own random-value
290+ a ` Randval ` class that implements a ` RandvalInterface ` . It uses the
291+ [ ` random_bytes() ` ] ( http://php.net/random_bytes ) function preferentially, then
292+ ` openssl ` , or finally ` mcrypt ` to generate a random value. If you do not
293+ have one of these installed, you will need your own random-value
293294implementation of the ` RandvalInterface ` . We suggest a wrapper around
294295[ RandomLib] ( https://github.com/ircmaxell/RandomLib ) .
295296
You can’t perform that action at this time.
0 commit comments